From 18c47c83ef92dd3fbce6685808d91c7e3873b630 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 6 Jun 2014 17:49:59 +0200
Subject: [PATCH] Added ocserv-genkey
---
ocserv-genkey | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100755 ocserv-genkey
diff --git a/ocserv-genkey b/ocserv-genkey
new file mode 100755
index 0000000..687d685
--- /dev/null
+++ b/ocserv-genkey
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+#generate CA certificate/key
+if test ! -f /etc/pki/ocserv/private/ca.key;then
+certtool --generate-privkey --outfile /etc/pki/ocserv/private/ca.key >/dev/null 2>&1
+echo "cn=`hostname -f` CA" >/etc/pki/ocserv/ca.tmpl
+echo "expiration_days=-1" >>/etc/pki/ocserv/ca.tmpl
+echo "serial=1" >>/etc/pki/ocserv/ca.tmpl
+echo "ca" >>/etc/pki/ocserv/ca.tmpl
+echo "cert_signing_key" >>/etc/pki/ocserv/ca.tmpl
+certtool --template /etc/pki/ocserv/ca.tmpl \
+ --generate-self-signed --load-privkey /etc/pki/ocserv/private/ca.key \
+ --outfile /etc/pki/ocserv/cacerts/ca.crt >/dev/null 2>&1
+#rm -f /etc/pki/ocserv/ca.tmpl
+fi
+
+#generate server certificate/key
+if test ! -f /etc/pki/ocserv/private/server.key;then
+certtool --generate-privkey --outfile /etc/pki/ocserv/private/server.key >/dev/null 2>&1
+echo "cn=`hostname -f`" >/etc/pki/ocserv/server.tmpl
+echo "serial=2" >>/etc/pki/ocserv/server.tmpl
+echo "expiration_days=-1" >>/etc/pki/ocserv/server.tmpl
+echo "signing_key" >>/etc/pki/ocserv/server.tmpl
+echo "encryption_key" >>/etc/pki/ocserv/server.tmpl
+certtool --template /etc/pki/ocserv/server.tmpl \
+ --generate-certificate --load-privkey /etc/pki/ocserv/private/server.key \
+ --load-ca-certificate /etc/pki/ocserv/cacerts/ca.crt --load-ca-privkey \
+ /etc/pki/ocserv/private/ca.key --outfile /etc/pki/ocserv/public/server.crt >/dev/null 2>&1
+#rm -f /etc/pki/ocserv/server.tmpl
+fi
+
+exit 0
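Review bot: All four certtool calls send their output to `>/dev/null 2>&1`, none has its exit status checked, and the script ends with an unconditional `exit 0`, so a failed key or certificate generation is reported as success and the server block can run against a missing or incomplete CA. Because the guards only test `! -f /etc/pki/ocserv/private/ca.key` and `! -f /etc/pki/ocserv/private/server.key`, any key file left behind by a failed run (if certtool creates one before failing) would also stop later runs from retrying. Appending `|| exit 1` to each certtool call, removing the partial key on failure and leaving stderr visible, would close both gaps. The private-key file mode currently depends on certtool and the ambient umask; wrapping key generation as `(umask 077; certtool --generate-privkey --outfile /etc/pki/ocserv/private/ca.key)` makes it explicit without tightening the public certificates. Separately, `expiration_days=-1` in both templates gives the CA and the server certificate no expiry, which deserves a comment confirming that this is intended.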